@crownpeak/dqm-react-component-dev-mcp 1.2.0

package/data/probe/npm/tests/unit/probeTool-security.test.js

@@ -0,0 +1,283 @@
+/**
+ * Tests for probeTool security validations
+ * @module tests/unit/probeTool-security
+ */
+
+import { jest, describe, test, expect, beforeEach, afterEach } from '@jest/globals';
+import { listFilesTool, searchFilesTool } from '../../src/agent/probeTool.js';
+import path from 'path';
+import { promises as fsPromises } from 'fs';
+import os from 'os';
+
+describe('ProbeTool Security', () => {
+  let testWorkspace;
+  let outsideDir;
+
+  beforeEach(async () => {
+    // Create a temporary workspace directory
+    testWorkspace = path.join(os.tmpdir(), `probe-test-${Date.now()}`);
+    await fsPromises.mkdir(testWorkspace, { recursive: true });
+
+    // Create a test file inside the workspace
+    await fsPromises.writeFile(
+      path.join(testWorkspace, 'test-file.txt'),
+      'test content'
+    );
+
+    // Create a directory outside the workspace
+    outsideDir = path.join(os.tmpdir(), `probe-outside-${Date.now()}`);
+    await fsPromises.mkdir(outsideDir, { recursive: true });
+    await fsPromises.writeFile(
+      path.join(outsideDir, 'outside-file.txt'),
+      'outside content'
+    );
+  });
+
+  afterEach(async () => {
+    // Clean up test directories
+    try {
+      await fsPromises.rm(testWorkspace, { recursive: true, force: true });
+      await fsPromises.rm(outsideDir, { recursive: true, force: true });
+    } catch (error) {
+      // Ignore cleanup errors
+    }
+  });
+
+  describe('listFilesTool Security', () => {
+    test('should allow access to workspace directory', async () => {
+      const result = await listFilesTool.execute({
+        directory: '.',
+        workingDirectory: testWorkspace
+      });
+
+      expect(result).toContain('test-file.txt');
+    });
+
+    test('should allow access to subdirectories within workspace using relative paths', async () => {
+      // Create a subdirectory
+      const subdir = path.join(testWorkspace, 'subdir');
+      await fsPromises.mkdir(subdir);
+      await fsPromises.writeFile(path.join(subdir, 'sub-file.txt'), 'sub content');
+
+      const result = await listFilesTool.execute({
+        directory: 'subdir',
+        workingDirectory: testWorkspace
+      });
+
+      expect(result).toContain('sub-file.txt');
+    });
+
+    test('should reject absolute path outside workspace', async () => {
+      await expect(async () => {
+        await listFilesTool.execute({
+          directory: outsideDir,
+          workingDirectory: testWorkspace
+        });
+      }).rejects.toThrow(/Path traversal attempt detected/);
+    });
+
+    test('should reject path traversal using ../..', async () => {
+      await expect(async () => {
+        await listFilesTool.execute({
+          directory: '../../../',
+          workingDirectory: testWorkspace
+        });
+      }).rejects.toThrow(/Path traversal attempt detected/);
+    });
+
+    test('should reject absolute path to system directories', async () => {
+      await expect(async () => {
+        await listFilesTool.execute({
+          directory: '/etc',
+          workingDirectory: testWorkspace
+        });
+      }).rejects.toThrow(/Path traversal attempt detected/);
+    });
+
+    test('should reject absolute path to home directory', async () => {
+      const homeDir = os.homedir();
+      await expect(async () => {
+        await listFilesTool.execute({
+          directory: homeDir,
+          workingDirectory: testWorkspace
+        });
+      }).rejects.toThrow(/Path traversal attempt detected/);
+    });
+
+    test('should allow access to workspace root using absolute path', async () => {
+      const result = await listFilesTool.execute({
+        directory: testWorkspace,
+        workingDirectory: testWorkspace
+      });
+
+      expect(result).toContain('test-file.txt');
+    });
+
+    test('should allow access to subdirectory using absolute path within workspace', async () => {
+      // Create a subdirectory
+      const subdir = path.join(testWorkspace, 'subdir');
+      await fsPromises.mkdir(subdir);
+      await fsPromises.writeFile(path.join(subdir, 'sub-file.txt'), 'sub content');
+
+      const result = await listFilesTool.execute({
+        directory: subdir,
+        workingDirectory: testWorkspace
+      });
+
+      expect(result).toContain('sub-file.txt');
+    });
+  });
+
+  describe('searchFilesTool Security', () => {
+    test('should allow searching in workspace directory', async () => {
+      const result = await searchFilesTool.execute({
+        pattern: '*.txt',
+        directory: '.',
+        workingDirectory: testWorkspace
+      });
+
+      expect(result).toContain('test-file.txt');
+    });
+
+    test('should allow searching in subdirectories within workspace using relative paths', async () => {
+      // Create a subdirectory
+      const subdir = path.join(testWorkspace, 'subdir');
+      await fsPromises.mkdir(subdir);
+      await fsPromises.writeFile(path.join(subdir, 'sub-file.txt'), 'sub content');
+
+      const result = await searchFilesTool.execute({
+        pattern: '*.txt',
+        directory: 'subdir',
+        workingDirectory: testWorkspace
+      });
+
+      expect(result).toContain('sub-file.txt');
+    });
+
+    test('should reject absolute path outside workspace', async () => {
+      await expect(async () => {
+        await searchFilesTool.execute({
+          pattern: '*.txt',
+          directory: outsideDir,
+          workingDirectory: testWorkspace
+        });
+      }).rejects.toThrow(/Path traversal attempt detected/);
+    });
+
+    test('should reject path traversal using ../..', async () => {
+      await expect(async () => {
+        await searchFilesTool.execute({
+          pattern: '*.txt',
+          directory: '../../../',
+          workingDirectory: testWorkspace
+        });
+      }).rejects.toThrow(/Path traversal attempt detected/);
+    });
+
+    test('should reject absolute path to system directories', async () => {
+      await expect(async () => {
+        await searchFilesTool.execute({
+          pattern: '*.txt',
+          directory: '/etc',
+          workingDirectory: testWorkspace
+        });
+      }).rejects.toThrow(/Path traversal attempt detected/);
+    });
+
+    test('should reject absolute path to home directory', async () => {
+      const homeDir = os.homedir();
+      await expect(async () => {
+        await searchFilesTool.execute({
+          pattern: '*.txt',
+          directory: homeDir,
+          workingDirectory: testWorkspace
+        });
+      }).rejects.toThrow(/Path traversal attempt detected/);
+    });
+
+    test('should allow searching workspace root using absolute path', async () => {
+      const result = await searchFilesTool.execute({
+        pattern: '*.txt',
+        directory: testWorkspace,
+        workingDirectory: testWorkspace
+      });
+
+      expect(result).toContain('test-file.txt');
+    });
+
+    test('should allow searching subdirectory using absolute path within workspace', async () => {
+      // Create a subdirectory
+      const subdir = path.join(testWorkspace, 'subdir');
+      await fsPromises.mkdir(subdir);
+      await fsPromises.writeFile(path.join(subdir, 'sub-file.txt'), 'sub content');
+
+      const result = await searchFilesTool.execute({
+        pattern: '*.txt',
+        directory: subdir,
+        workingDirectory: testWorkspace
+      });
+
+      expect(result).toContain('sub-file.txt');
+    });
+  });
+
+  describe('Dependency Path Bypass', () => {
+    test('should allow /dep/ prefix paths to bypass workspace restrictions', async () => {
+      // This should not throw a "Path traversal" error even though it's outside workspace
+      // It may throw other errors (e.g., directory not found), but not security errors
+      try {
+        await listFilesTool.execute({
+          directory: '/dep/go/fmt',
+          workingDirectory: testWorkspace
+        });
+      } catch (error) {
+        expect(error.message).not.toMatch(/Path traversal attempt detected/);
+      }
+    });
+
+    test('should allow go: prefix paths to bypass workspace restrictions', async () => {
+      try {
+        await listFilesTool.execute({
+          directory: 'go:fmt',
+          workingDirectory: testWorkspace
+        });
+      } catch (error) {
+        expect(error.message).not.toMatch(/Path traversal attempt detected/);
+      }
+    });
+
+    test('should allow js: prefix paths to bypass workspace restrictions', async () => {
+      try {
+        await listFilesTool.execute({
+          directory: 'js:express',
+          workingDirectory: testWorkspace
+        });
+      } catch (error) {
+        expect(error.message).not.toMatch(/Path traversal attempt detected/);
+      }
+    });
+
+    test('should allow rust: prefix paths to bypass workspace restrictions', async () => {
+      try {
+        await listFilesTool.execute({
+          directory: 'rust:serde',
+          workingDirectory: testWorkspace
+        });
+      } catch (error) {
+        expect(error.message).not.toMatch(/Path traversal attempt detected/);
+      }
+    });
+
+    test('should allow /dep/ prefix in searchFilesTool', async () => {
+      try {
+        await searchFilesTool.execute({
+          pattern: '*.go',
+          directory: '/dep/go/fmt',
+          workingDirectory: testWorkspace
+        });
+      } catch (error) {
+        expect(error.message).not.toMatch(/Path traversal attempt detected/);
+      }
+    });
+  });
+});

package/data/probe/npm/tests/unit/readImageTool.test.js

@@ -0,0 +1,418 @@
+import { jest, describe, test, expect, beforeEach, afterEach } from '@jest/globals';
+
+// Mock all the heavy dependencies that ProbeAgent uses
+jest.mock('@ai-sdk/anthropic', () => ({}));
+jest.mock('@ai-sdk/openai', () => ({}));
+jest.mock('@ai-sdk/google', () => ({}));
+jest.mock('@ai-sdk/amazon-bedrock', () => ({}));
+jest.mock('ai', () => ({
+  generateText: jest.fn(),
+  streamText: jest.fn(),
+  tool: jest.fn((config) => ({
+    name: config.name,
+    description: config.description,
+    inputSchema: config.inputSchema,
+    execute: config.execute
+  }))
+}));
+
+import { ProbeAgent } from '../../src/agent/ProbeAgent.js';
+import { writeFileSync, unlinkSync, existsSync, mkdirSync, rmSync } from 'fs';
+import { join } from 'path';
+
+describe('ReadImage Tool', () => {
+  let testDir;
+  let agent;
+  let testImagePath;
+
+  beforeEach(() => {
+    // Create a test directory structure
+    testDir = join(process.cwd(), 'test-readimage-temp');
+    if (!existsSync(testDir)) {
+      mkdirSync(testDir, { recursive: true });
+    }
+
+    // Create a simple 1x1 PNG image
+    const simplePng = Buffer.from([
+      0x89, 0x50, 0x4E, 0x47, 0x0D, 0x0A, 0x1A, 0x0A,
+      0x00, 0x00, 0x00, 0x0D, 0x49, 0x48, 0x44, 0x52,
+      0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x01,
+      0x08, 0x06, 0x00, 0x00, 0x00, 0x1F, 0x15, 0xC4,
+      0x89, 0x00, 0x00, 0x00, 0x0D, 0x49, 0x44, 0x41,
+      0x54, 0x78, 0x9C, 0x62, 0x00, 0x02, 0x00, 0x00,
+      0x05, 0x00, 0x01, 0x0D, 0x0A, 0x2D, 0xB4, 0x00,
+      0x00, 0x00, 0x00, 0x49, 0x45, 0x4E, 0x44, 0xAE,
+      0x42, 0x60, 0x82
+    ]);
+
+    testImagePath = join(testDir, 'test-screenshot.png');
+    writeFileSync(testImagePath, simplePng);
+
+    // Initialize agent with the test directory
+    agent = new ProbeAgent({
+      debug: false,
+      path: testDir
+    });
+  });
+
+  afterEach(() => {
+    // Cleanup
+    if (existsSync(testDir)) {
+      rmSync(testDir, { recursive: true, force: true });
+    }
+  });
+
+  describe('Tool availability', () => {
+    test('readImage tool should be available in toolImplementations', () => {
+      expect(agent.toolImplementations).toHaveProperty('readImage');
+      expect(agent.toolImplementations.readImage).toHaveProperty('execute');
+      expect(typeof agent.toolImplementations.readImage.execute).toBe('function');
+    });
+
+    test('readImage tool should be in allowed tools by default', () => {
+      expect(agent.allowedTools.isEnabled('readImage')).toBe(true);
+    });
+  });
+
+  describe('Tool execution', () => {
+    test('should successfully load image when given valid path', async () => {
+      const result = await agent.toolImplementations.readImage.execute({
+        path: testImagePath
+      });
+
+      expect(result).toContain('Image loaded successfully');
+      expect(result).toContain(testImagePath);
+
+      // Verify image was actually loaded into pendingImages
+      expect(agent.pendingImages.has(testImagePath)).toBe(true);
+
+      // Verify it can be retrieved
+      const loadedImages = agent.getCurrentImages();
+      expect(loadedImages.length).toBeGreaterThan(0);
+      expect(loadedImages[0]).toMatch(/^data:image\/png;base64,/);
+    });
+
+    test('should throw error when path parameter is missing', async () => {
+      await expect(
+        agent.toolImplementations.readImage.execute({})
+      ).rejects.toThrow('Image path is required');
+    });
+
+    test('should throw error when image file does not exist', async () => {
+      const nonExistentPath = join(testDir, 'nonexistent.png');
+
+      await expect(
+        agent.toolImplementations.readImage.execute({
+          path: nonExistentPath
+        })
+      ).rejects.toThrow();
+    });
+
+    test('should handle relative paths correctly', async () => {
+      // Create image in a subdirectory
+      const subDir = join(testDir, 'images');
+      mkdirSync(subDir, { recursive: true });
+
+      const simplePng = Buffer.from([
+        0x89, 0x50, 0x4E, 0x47, 0x0D, 0x0A, 0x1A, 0x0A,
+        0x00, 0x00, 0x00, 0x0D, 0x49, 0x48, 0x44, 0x52,
+        0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x01,
+        0x08, 0x06, 0x00, 0x00, 0x00, 0x1F, 0x15, 0xC4,
+        0x89, 0x00, 0x00, 0x00, 0x0D, 0x49, 0x44, 0x41,
+        0x54, 0x78, 0x9C, 0x62, 0x00, 0x02, 0x00, 0x00,
+        0x05, 0x00, 0x01, 0x0D, 0x0A, 0x2D, 0xB4, 0x00,
+        0x00, 0x00, 0x00, 0x49, 0x45, 0x4E, 0x44, 0xAE,
+        0x42, 0x60, 0x82
+      ]);
+
+      const imagePath = join(subDir, 'relative.png');
+      writeFileSync(imagePath, simplePng);
+
+      const result = await agent.toolImplementations.readImage.execute({
+        path: imagePath
+      });
+
+      expect(result).toContain('Image loaded successfully');
+      expect(agent.pendingImages.has(imagePath)).toBe(true);
+    });
+
+    test('should support multiple image formats', async () => {
+      const formats = ['test.png', 'test.jpg', 'test.jpeg', 'test.webp', 'test.bmp'];
+
+      // Create a simple PNG for all tests (format validation happens elsewhere)
+      const simplePng = Buffer.from([
+        0x89, 0x50, 0x4E, 0x47, 0x0D, 0x0A, 0x1A, 0x0A,
+        0x00, 0x00, 0x00, 0x0D, 0x49, 0x48, 0x44, 0x52,
+        0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x01,
+        0x08, 0x06, 0x00, 0x00, 0x00, 0x1F, 0x15, 0xC4,
+        0x89, 0x00, 0x00, 0x00, 0x0D, 0x49, 0x44, 0x41,
+        0x54, 0x78, 0x9C, 0x62, 0x00, 0x02, 0x00, 0x00,
+        0x05, 0x00, 0x01, 0x0D, 0x0A, 0x2D, 0xB4, 0x00,
+        0x00, 0x00, 0x00, 0x49, 0x45, 0x4E, 0x44, 0xAE,
+        0x42, 0x60, 0x82
+      ]);
+
+      for (const filename of formats) {
+        const imagePath = join(testDir, filename);
+        writeFileSync(imagePath, simplePng);
+
+        const result = await agent.toolImplementations.readImage.execute({
+          path: imagePath
+        });
+
+        expect(result).toContain('Image loaded successfully');
+        expect(agent.pendingImages.has(imagePath)).toBe(true);
+      }
+    });
+
+    test('should not load the same image twice', async () => {
+      // Load image first time
+      await agent.toolImplementations.readImage.execute({
+        path: testImagePath
+      });
+
+      const imagesAfterFirst = agent.getCurrentImages().length;
+
+      // Load same image again
+      await agent.toolImplementations.readImage.execute({
+        path: testImagePath
+      });
+
+      const imagesAfterSecond = agent.getCurrentImages().length;
+
+      // Should still have same number of images (no duplicate)
+      expect(imagesAfterSecond).toBe(imagesAfterFirst);
+    });
+  });
+
+  describe('Security', () => {
+    test('should respect allowed folders security', async () => {
+      // Create agent with restricted allowed folders
+      const restrictedAgent = new ProbeAgent({
+        debug: false,
+        path: testDir,
+        allowedFolders: [testDir] // Only allow test directory
+      });
+
+      // Try to load image outside allowed folder
+      const outsidePath = '/tmp/malicious.png';
+
+      await expect(
+        restrictedAgent.toolImplementations.readImage.execute({
+          path: outsidePath
+        })
+      ).rejects.toThrow();
+    });
+
+    test('should validate file size limits', async () => {
+      // The loadImageIfValid method should enforce MAX_IMAGE_FILE_SIZE (20MB)
+      // This test verifies the tool respects that limit
+      const result = await agent.toolImplementations.readImage.execute({
+        path: testImagePath
+      });
+
+      expect(result).toContain('Image loaded successfully');
+    });
+
+    test('should prevent path traversal attacks with .. sequences', async () => {
+      const restrictedAgent = new ProbeAgent({
+        debug: false,
+        path: testDir,
+        allowedFolders: [testDir]
+      });
+
+      // Try path traversal attack
+      const traversalPath = join(testDir, '..', '..', 'etc', 'passwd');
+
+      await expect(
+        restrictedAgent.toolImplementations.readImage.execute({
+          path: traversalPath
+        })
+      ).rejects.toThrow();
+    });
+
+    test('should prevent path traversal in extension extraction', async () => {
+      // This tests that basename is used to extract extension safely
+      const restrictedAgent = new ProbeAgent({
+        debug: false,
+        path: testDir,
+        allowedFolders: [testDir]
+      });
+
+      // Path designed to look like valid extension but contains traversal
+      const maliciousPath = 'malicious.png/../../../etc/passwd';
+
+      await expect(
+        restrictedAgent.toolImplementations.readImage.execute({
+          path: maliciousPath
+        })
+      ).rejects.toThrow();
+    });
+
+    test('should handle normalized path prefix attacks', async () => {
+      // Test that /allowed/path doesn't match /allowed/pathsuffix
+      const restrictedAgent = new ProbeAgent({
+        debug: false,
+        path: testDir,
+        allowedFolders: [testDir]
+      });
+
+      // Create a sibling directory name that starts with testDir name
+      const siblingPath = testDir + '-sibling/image.png';
+
+      await expect(
+        restrictedAgent.toolImplementations.readImage.execute({
+          path: siblingPath
+        })
+      ).rejects.toThrow();
+    });
+
+    test('should reject invalid extensions even without apiType set', async () => {
+      // Test that extension validation happens regardless of apiType
+      const agentWithoutApiType = new ProbeAgent({
+        debug: false,
+        path: testDir
+      });
+      // Ensure apiType is not set
+      agentWithoutApiType.apiType = null;
+
+      // Try to load a file with invalid extension
+      await expect(
+        agentWithoutApiType.toolImplementations.readImage.execute({
+          path: join(testDir, 'malicious.exe')
+        })
+      ).rejects.toThrow(/Invalid or unsupported image extension/);
+    });
+
+    test('should reject path traversal disguised as valid extension', async () => {
+      const restrictedAgent = new ProbeAgent({
+        debug: false,
+        path: testDir,
+        allowedFolders: [testDir]
+      });
+
+      // Path that looks like it has a valid extension but is actually traversal
+      // basename('malicious.png/../../../etc/passwd') = 'passwd'
+      // extension of 'passwd' = 'passwd' (not in allowed list)
+      await expect(
+        restrictedAgent.toolImplementations.readImage.execute({
+          path: 'malicious.png/../../../etc/passwd'
+        })
+      ).rejects.toThrow(/Invalid or unsupported image extension/);
+    });
+  });
+
+  describe('Provider-specific format restrictions (GitHub issue #305)', () => {
+    test('should reject SVG files when using Google provider', async () => {
+      // Create an agent with Google provider
+      // Note: We need to manually set apiType since mocks prevent normal initialization
+      const googleAgent = new ProbeAgent({
+        debug: false,
+        path: testDir
+      });
+      googleAgent.apiType = 'google';  // Simulate Google provider
+
+      // Create a simple SVG file
+      const svgContent = '<svg xmlns="http://www.w3.org/2000/svg"><rect width="1" height="1"/></svg>';
+      const svgPath = join(testDir, 'test.svg');
+      writeFileSync(svgPath, svgContent);
+
+      // Attempting to read SVG should throw error
+      await expect(
+        googleAgent.toolImplementations.readImage.execute({
+          path: svgPath
+        })
+      ).rejects.toThrow(/not supported by the current AI provider/);
+    });
+
+    test('should allow SVG files when using Anthropic provider', async () => {
+      // Create an agent with Anthropic provider
+      // Note: We need to manually set apiType since mocks prevent normal initialization
+      const anthropicAgent = new ProbeAgent({
+        debug: false,
+        path: testDir
+      });
+      anthropicAgent.apiType = 'anthropic';  // Simulate Anthropic provider
+
+      // Create a simple SVG file
+      const svgContent = '<svg xmlns="http://www.w3.org/2000/svg"><rect width="1" height="1"/></svg>';
+      const svgPath = join(testDir, 'test-anthropic.svg');
+      writeFileSync(svgPath, svgContent);
+
+      // Attempting to read SVG should succeed
+      const result = await anthropicAgent.toolImplementations.readImage.execute({
+        path: svgPath
+      });
+
+      expect(result).toContain('Image loaded successfully');
+    });
+
+    test('loadImageIfValid should load SVG (provider filtering handled by readImage tool)', async () => {
+      // Note: loadImageIfValid is a low-level method that only checks general format support.
+      // Provider-specific filtering (e.g., SVG not supported by Google Gemini) is handled
+      // by the readImage tool which provides explicit error messages.
+      const agent = new ProbeAgent({
+        debug: false,
+        path: testDir
+      });
+
+      const svgContent = '<svg xmlns="http://www.w3.org/2000/svg"><rect width="1" height="1"/></svg>';
+      const svgPath = join(testDir, 'test-load.svg');
+      writeFileSync(svgPath, svgContent);
+
+      // loadImageIfValid should succeed - it doesn't do provider-specific filtering
+      const result = await agent.loadImageIfValid(svgPath);
+      expect(result).toBe(true);
+    });
+  });
+
+  describe('Integration with message flow', () => {
+    test('loaded images should be available in getCurrentImages', async () => {
+      agent.clearLoadedImages();
+
+      await agent.toolImplementations.readImage.execute({
+        path: testImagePath
+      });
+
+      const images = agent.getCurrentImages();
+      expect(images.length).toBe(1);
+      expect(images[0]).toMatch(/^data:image\/png;base64,/);
+    });
+
+    test('should work alongside processImageReferences method (for explicit image processing)', async () => {
+      // Note: Automatic image processing after tool results was removed in GitHub issue #305
+      // The processImageReferences method still exists for explicit use when needed
+
+      // Clear any existing images
+      agent.clearLoadedImages();
+
+      // Manually call processImageReferences (this is no longer called automatically)
+      const toolResultWithImage = `Found the file at ${testImagePath}`;
+      await agent.processImageReferences(toolResultWithImage);
+
+      const imagesFromProcessing = agent.getCurrentImages().length;
+
+      // Now explicitly read another image using readImage tool
+      const anotherImage = join(testDir, 'another.png');
+      const simplePng = Buffer.from([
+        0x89, 0x50, 0x4E, 0x47, 0x0D, 0x0A, 0x1A, 0x0A,
+        0x00, 0x00, 0x00, 0x0D, 0x49, 0x48, 0x44, 0x52,
+        0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x01,
+        0x08, 0x06, 0x00, 0x00, 0x00, 0x1F, 0x15, 0xC4,
+        0x89, 0x00, 0x00, 0x00, 0x0D, 0x49, 0x44, 0x41,
+        0x54, 0x78, 0x9C, 0x62, 0x00, 0x02, 0x00, 0x00,
+        0x05, 0x00, 0x01, 0x0D, 0x0A, 0x2D, 0xB4, 0x00,
+        0x00, 0x00, 0x00, 0x49, 0x45, 0x4E, 0x44, 0xAE,
+        0x42, 0x60, 0x82
+      ]);
+      writeFileSync(anotherImage, simplePng);
+
+      await agent.toolImplementations.readImage.execute({
+        path: anotherImage
+      });
+
+      const totalImages = agent.getCurrentImages().length;
+      expect(totalImages).toBeGreaterThan(imagesFromProcessing);
+    });
+  });
+});